I’m trying to get an https layer on my blog, sanchke.com. However, when I run certbot certonly -d sanchke.com, I always end up with a timeout. I’ve been using the http-01 challenge, and I myself can even access the challenge file.
I also know that my website is AAAA based, I’ve checked the v6 address and it’s good. Furthermore, sanchke.com is listening to both 80 and 443. Here is the report:
Neither your IPv4 nor your IPv6 address is responding on port 80 (or 443, for that matter).
Are you on a residential ISP? Charter? They may be blocking port 80. It may not be affecting you personally since you are inside your network, but others definitely cannot access your server.
It is also possible that you have not properly forwarded your ports, if you are sitting behind router/modem NAT. nmapping your IP results in zero open ports, which makes me suspect this.
I’ve fixed a few DNS problems that had wrong IPs as you pointed out, that was a few days ago. Today I’m still getting a timeout. I’ve contacted friends in remote locations and they themselves can download the http-01 check file. This isn’t making any sense.
I can confirm what @mnordhoff is seeing—the IPv4 version is working but the IPv6 version, although it’s still advertised with an AAAA record in DNS—times out. Most users couldn’t notice this with a browser (1) because users on most ISPs still don’t have IPv6 connectivity, and (2) most browsers (unlike the Let’s Encrypt CA) fall back automatically from IPv6 to IPv4 if the IPv6 connection doesn’t work.
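As an added example (not part of the thread), here is a small Python probe that resolves a name's A and AAAA records and TCP-connects to each address separately, the way an ACME validator would, so an AAAA target that times out shows up even though a browser would silently fall back to IPv4. The hostname and port are the caller's input; the verdict strings are my own labels.

```python
# Added example: probe A and AAAA targets separately over TCP so a dead IPv6
# address behind a browser's silent IPv4 fallback becomes visible.
import socket


def resolve(host, port=80):
    """Return {'ipv4': [addrs], 'ipv6': [addrs]} from the host's A/AAAA records."""
    out = {"ipv4": [], "ipv6": []}
    for family, _, _, _, sockaddr in socket.getaddrinfo(host, port, proto=socket.IPPROTO_TCP):
        key = "ipv6" if family == socket.AF_INET6 else "ipv4"
        if sockaddr[0] not in out[key]:
            out[key].append(sockaddr[0])
    return out


def tcp_open(addr, port=80, timeout=5.0):
    """True if a TCP connection to addr:port completes within timeout."""
    try:
        with socket.create_connection((addr, port), timeout=timeout):
            return True
    except OSError:  # refused, unreachable, or timed out
        return False


def diagnose(results):
    """results maps 'ipv4'/'ipv6' to lists of (addr, reachable) pairs; returns a verdict."""
    v4, v6 = results.get("ipv4", []), results.get("ipv6", [])
    v4_ok, v6_ok = any(ok for _, ok in v4), any(ok for _, ok in v6)
    if not (v4_ok or v6_ok):
        return "unreachable"   # port filtered by ISP or not forwarded through NAT
    if v6 and not v6_ok:
        return "ipv6-broken"   # AAAA advertised but dead: validator times out, browsers fall back
    if v4 and not v4_ok:
        return "ipv4-broken"   # A record advertised but only IPv6 answers
    return "ok"


def check_host(host, port=80):
    """Resolve host, probe every address, and return (verdict, per-address results)."""
    addrs = resolve(host, port)
    results = {fam: [(a, tcp_open(a, port)) for a in lst] for fam, lst in addrs.items()}
    return diagnose(results), results


if __name__ == "__main__":
    import sys
    verdict, detail = check_host(sys.argv[1] if len(sys.argv) > 1 else "sanchke.com")
    print(verdict, detail)
```

Run it once for port 80 and once for port 443; a verdict of ipv6-broken with a working IPv4 row is exactly the situation described in the last reply.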